From 98f71dbad6a2cec6e9c4fd576276f6f7ba9f80d2 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Wed, 16 Apr 2014 17:14:20 +0200 Subject: [PATCH] - fixed EngineSetDebugPrivilege - added function EngineOpenProcess (with debug privilege option) - added UE_ENGINE_SET_DEBUG_PRIVILEGE - added debug privileges before CreateProcess and DebugActiveProcess - remove debug privilege from the child process - dumper/handler/importer/process now use EngineOpenProcess --- SDK/C/TitanEngine.h | 1 + SDK/CPP/TitanEngine.h | 1 + SDK/CPP/TitanEngine.hpp | 3 +- SDK/Delphi/TitanEngine.pas | 1 + SDK/LUA/TitanEngine.lua | 1 + SDK/MASM/TitanEngine.INC | 1 + SDK/Python/TitanEngine.py | 1 + TitanEngine/Global.Debugger.cpp | 1 + TitanEngine/Global.Debugger.h | 1 + TitanEngine/Global.Engine.cpp | 33 +++++++++++--- TitanEngine/Global.Engine.h | 2 + .../TitanEngine.Debugger.DebugLoop.cpp | 7 ++- TitanEngine/TitanEngine.Debugger.cpp | 43 ++++++++++++------- TitanEngine/TitanEngine.Dumper.cpp | 8 ++-- TitanEngine/TitanEngine.Engine.cpp | 4 ++ TitanEngine/TitanEngine.Handler.cpp | 10 ++--- TitanEngine/TitanEngine.Importer.cpp | 4 +- TitanEngine/TitanEngine.Process.cpp | 4 +- TitanEngine/stdafx.h | 1 + 19 files changed, 90 insertions(+), 37 deletions(-) diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h index 3fab79d..98022d8 100644 --- a/SDK/C/TitanEngine.h +++ b/SDK/C/TitanEngine.h @@ -51,6 +51,7 @@ #define UE_ENGINE_CALL_PLUGIN_CALLBACK 6 #define UE_ENGINE_RESET_CUSTOM_HANDLER 7 #define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8 +#define UE_ENGINE_SET_DEBUG_PRIVILEGE 9 #define UE_OPTION_REMOVEALL 1 #define UE_OPTION_DISABLEALL 2 diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h index 82aeb8e..1cc06f8 100644 --- a/SDK/CPP/TitanEngine.h +++ b/SDK/CPP/TitanEngine.h 
@@ -51,6 +51,7 @@ const BYTE UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5; const BYTE UE_ENGINE_CALL_PLUGIN_CALLBACK = 6; const BYTE UE_ENGINE_RESET_CUSTOM_HANDLER = 7; const BYTE UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8; +const BYTE UE_ENGINE_SET_DEBUG_PRIVILEGE = 9; const BYTE UE_OPTION_REMOVEALL = 1; const BYTE UE_OPTION_DISABLEALL = 2; diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp index 631a9eb..42268af 100644 --- a/SDK/CPP/TitanEngine.hpp +++ b/SDK/CPP/TitanEngine.hpp @@ -70,7 +70,8 @@ enum eEngineVariable : DWORD UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = UE::UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS, UE_ENGINE_CALL_PLUGIN_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_CALLBACK, UE_ENGINE_RESET_CUSTOM_HANDLER = UE::UE_ENGINE_RESET_CUSTOM_HANDLER, - UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK + UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK, + UE_ENGINE_SET_DEBUG_PRIVILEGE = UE::UE_ENGINE_SET_DEBUG_PRIVILEGE }; enum eBPRemoveOption : DWORD diff --git a/SDK/Delphi/TitanEngine.pas b/SDK/Delphi/TitanEngine.pas index 591413a..2455a56 100644 --- a/SDK/Delphi/TitanEngine.pas +++ b/SDK/Delphi/TitanEngine.pas @@ -336,6 +336,7 @@ const UE_ENGINE_CALL_PLUGIN_CALLBACK = 6; UE_ENGINE_RESET_CUSTOM_HANDLER = 7; UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8; + UE_ENGINE_SET_DEBUG_PRIVILEGE = 9; UE_OPTION_REMOVEALL = 1; UE_OPTION_DISABLEALL = 2; diff --git a/SDK/LUA/TitanEngine.lua b/SDK/LUA/TitanEngine.lua index 006048b..95dfda1 100644 --- a/SDK/LUA/TitanEngine.lua +++ b/SDK/LUA/TitanEngine.lua @@ -36,6 +36,7 @@ UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5 UE_ENGINE_CALL_PLUGIN_CALLBACK = 6 UE_ENGINE_RESET_CUSTOM_HANDLER = 7 UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8 +UE_ENGINE_SET_DEBUG_PRIVILEGE = 9 UE_OPTION_REMOVEALL = 1 UE_OPTION_DISABLEALL = 2 diff --git a/SDK/MASM/TitanEngine.INC b/SDK/MASM/TitanEngine.INC index 4e8ced8..c30e458 100644 --- a/SDK/MASM/TitanEngine.INC +++ b/SDK/MASM/TitanEngine.INC 
@@ -23,6 +23,7 @@ UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS EQU 5 UE_ENGINE_CALL_PLUGIN_CALLBACK EQU 6 UE_ENGINE_RESET_CUSTOM_HANDLER EQU 7 UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK EQU 8 +UE_ENGINE_SET_DEBUG_PRIVILEGE EQU 9 UE_OPTION_REMOVEALL EQU 1 UE_OPTION_DISABLEALL EQU 2 UE_OPTION_REMOVEALLDISABLED EQU 3 diff --git a/SDK/Python/TitanEngine.py b/SDK/Python/TitanEngine.py index dfc930a..25ae8d3 100644 --- a/SDK/Python/TitanEngine.py +++ b/SDK/Python/TitanEngine.py @@ -27,6 +27,7 @@ UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5 UE_ENGINE_CALL_PLUGIN_CALLBACK = 6 UE_ENGINE_RESET_CUSTOM_HANDLER = 7 UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8 +UE_ENGINE_SET_DEBUG_PRIVILEGE = 9 UE_OPTION_REMOVEALL = 1 UE_OPTION_DISABLEALL = 2 diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp index 11dda8f..96e6c16 100644 --- a/TitanEngine/Global.Debugger.cpp +++ b/TitanEngine/Global.Debugger.cpp @@ -18,6 +18,7 @@ ULONG_PTR DebugReserveModuleBase = NULL; ULONG_PTR DebugDebuggingMainModuleBase = NULL; ULONG_PTR DebugDebuggingDLLBase = NULL; bool DebugAttachedToProcess = false; +bool DebugRemoveDebugPrivilege = false; bool DebugDebuggingDLL = false; wchar_t* DebugDebuggingDLLFullFileName; wchar_t* DebugDebuggingDLLFileName; diff --git a/TitanEngine/Global.Debugger.h b/TitanEngine/Global.Debugger.h index c8d08b1..b7490a5 100644 --- a/TitanEngine/Global.Debugger.h +++ b/TitanEngine/Global.Debugger.h @@ -15,6 +15,7 @@ extern ULONG_PTR DebugModuleEntryPoint; extern ULONG_PTR DebugModuleImageBase; extern ULONG_PTR DebugAttachedProcessCallBack; extern bool DebugAttachedToProcess; +extern bool DebugRemoveDebugPrivilege; extern ULONG_PTR DebugReserveModuleBase; extern ULONG_PTR DebugDebuggingMainModuleBase; extern ULONG_PTR DebugDebuggingDLLBase; diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp index 6e9400b..975a0d3 100644 --- a/TitanEngine/Global.Engine.cpp +++ b/TitanEngine/Global.Engine.cpp 
@@ -17,6 +17,7 @@ bool engineRemoveConsoleForDebugee = false; bool enginePassAllExceptions = true; bool engineExecutePluginCallBack = true; bool engineAutoHideFromDebugger = false; // hardcoded +bool engineEnableDebugPrivilege = false; char engineFoundDLLName[512] = {0}; char engineFoundAPIName[512] = {0}; @@ -2037,13 +2038,31 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege) memset(&tokenPrivileges, 0, sizeof(TOKEN_PRIVILEGES)); LUID luid; if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) - return false; - tokenPrivileges.PrivilegeCount = 1; - tokenPrivileges.Privileges[0].Luid = luid; + { + dwLastError = GetLastError(); + CloseHandle(hToken); + return dwLastError; + } + tokenPrivileges.PrivilegeCount = 1; + tokenPrivileges.Privileges[0].Luid = luid; if(bEnablePrivilege) - tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; - else + tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + else tokenPrivileges.Privileges[0].Attributes = 0; - AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL); - return GetLastError(); + AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL); + dwLastError = GetLastError(); + CloseHandle(hToken); + return dwLastError; +} + +HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId) +{ + if(engineEnableDebugPrivilege) + EngineSetDebugPrivilege(GetCurrentProcess(), true); + HANDLE hProcess = OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId); + DWORD dwLastError = GetLastError(); + if(engineEnableDebugPrivilege) + EngineSetDebugPrivilege(GetCurrentProcess(), false); + SetLastError(dwLastError); + return hProcess; } diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h index 1c0726d..9f01ebf 100644 --- a/TitanEngine/Global.Engine.h +++ b/TitanEngine/Global.Engine.h 
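Review bot: EngineOpenProcess disables SeDebugPrivilege after OpenProcess regardless of whether the privilege was already enabled in the calling process's token before the call, so a host that enabled it itself (the normal case for a debugger front end) silently loses it on every EngineOpenProcess. The result of `EngineSetDebugPrivilege(GetCurrentProcess(), true)` is also discarded, so when enabling fails the function still runs the disable. Checking the current state first and only toggling when the privilege was not already enabled leaves the caller's token exactly as it found it; a sketch follows, using only standard Win32 token APIs. The start of EngineSetDebugPrivilege, including the token open that `hToken` comes from, is outside the hunk, so how `hProcess` is used there is not visible here.
```cpp
// Reports whether SeDebugPrivilege is currently enabled in the calling process's token.
static bool EngineIsDebugPrivilegeEnabled()
{
    HANDLE hToken = NULL;
    if(!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
        return false;
    bool bEnabled = false;
    LUID luid;
    if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        PRIVILEGE_SET privSet;
        privSet.PrivilegeCount = 1;
        privSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
        privSet.Privilege[0].Luid = luid;
        privSet.Privilege[0].Attributes = 0;
        BOOL bResult = FALSE;
        if(PrivilegeCheck(hToken, &privSet, &bResult))
            bEnabled = (bResult != FALSE);
    }
    CloseHandle(hToken);
    return bEnabled;
}

HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId)
{
    // Only touch the token when the privilege is wanted and not already enabled,
    // so the caller's own privilege state is left unchanged afterwards.
    bool bToggle = engineEnableDebugPrivilege && !EngineIsDebugPrivilegeEnabled();
    if(bToggle && EngineSetDebugPrivilege(GetCurrentProcess(), true) != ERROR_SUCCESS)
        bToggle = false; // enabling failed: nothing to undo later
    HANDLE hProcess = OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
    DWORD dwLastError = GetLastError();
    if(bToggle)
        EngineSetDebugPrivilege(GetCurrentProcess(), false);
    SetLastError(dwLastError); // preserve OpenProcess's error for the caller
    return hProcess;
}
```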
@@ -20,6 +20,7 @@ extern bool engineRemoveConsoleForDebugee; extern bool enginePassAllExceptions; extern bool engineExecutePluginCallBack; extern bool engineAutoHideFromDebugger; +extern bool engineEnableDebugPrivilege; //Global.Engine.Functions void EngineInit(); @@ -52,5 +53,6 @@ ULONG_PTR EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName); bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount); ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType); DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege); +HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId); #endif //_GLOBAL_ENGINE_H \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp index 7b62fe1..cedd0f5 100644 --- a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp +++ b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp @@ -26,6 +26,8 @@ __declspec(dllexport) void TITCALL DebugLoop() bool hListThreadFirst = true; bool hListLibraryFirst = true; bool MemoryBpxFound = false; + bool RemoveDebugPrivilege = DebugRemoveDebugPrivilege; //store the flag in a local variable + DebugRemoveDebugPrivilege = false; //reset this flag PLIBRARY_ITEM_DATAW hLoadedLibData = NULL; PLIBRARY_BREAK_DATA ptrLibrarianData = NULL; typedef void(TITCALL *fCustomBreakPoint)(void); @@ -87,7 +89,7 @@ __declspec(dllexport) void TITCALL DebugLoop() { case CREATE_PROCESS_DEBUG_EVENT: { - if(DBGFileHandle == NULL) //we didn't set the handle yet + if(DBGFileHandle == NULL) //we didn't set the handle yet (initial process) { DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress; DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile; 
@@ -137,6 +139,9 @@ __declspec(dllexport) void TITCALL DebugLoop() NewThreadData.ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress; NewThreadData.ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase; hListThread.push_back(NewThreadData); + //remove debug privilege from child process + if(RemoveDebugPrivilege) + EngineSetDebugPrivilege(DBGEvent.u.CreateProcessInfo.hProcess, false); } //update process list PROCESS_ITEM_DATA NewProcessItem; diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp index 9cc6f19..2f4b3a9 100644 --- a/TitanEngine/TitanEngine.Debugger.cpp +++ b/TitanEngine/TitanEngine.Debugger.cpp @@ -11,7 +11,6 @@ static wchar_t szBackupDebuggedFileName[512]; // TitanEngine.Debugger.functions: __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder) { - wchar_t* PtrUniFileName = NULL; wchar_t uniFileName[MAX_PATH] = {}; wchar_t* PtrUniCommandLine = NULL; @@ -55,10 +54,17 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC DebugConsoleFlag = CREATE_NO_WINDOW; } std::vector().swap(BreakPointBuffer); + if(engineEnableDebugPrivilege) + { + EngineSetDebugPrivilege(GetCurrentProcess(), true); + DebugRemoveDebugPrivilege = true; + } if(szCommandLine == NULL) { if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) { + if(engineEnableDebugPrivilege) + EngineSetDebugPrivilege(GetCurrentProcess(), false); DebugAttachedToProcess = false; DebugAttachedProcessCallBack = NULL; std::vector().swap(BreakPointBuffer); 
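Review bot: The added `EngineSetDebugPrivilege(DBGEvent.u.CreateProcessInfo.hProcess, false)` clears SE_PRIVILEGE_ENABLED in the debuggee's token but does not remove the privilege, so the comment `//remove debug privilege from child process` overstates what happens: the privilege inherited from the debugger's token is still present and the debuggee can re-enable it with AdjustTokenPrivileges at any time. If the intent is that the debuggee must not hold SeDebugPrivilege at all, the attribute has to be SE_PRIVILEGE_REMOVED, which the bool parameter of EngineSetDebugPrivilege cannot express; otherwise change the comment to `//disable the debug privilege inherited from the debugger`. The return value is discarded here as well, so a failed adjustment goes unnoticed. The enclosing block appears to be the `if(DBGFileHandle == NULL)` initial-process branch, and both it and DebugLoop start outside the hunk.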
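Review bot: In the InitDebugW hunk `DebugRemoveDebugPrivilege = true;` is set unconditionally even though the preceding `EngineSetDebugPrivilege(GetCurrentProcess(), true)` can fail (for example when the debugger's token does not hold SeDebugPrivilege), so DebugLoop would later try to disable a privilege the child never inherited; tie the flag to the result, `DebugRemoveDebugPrivilege = (EngineSetDebugPrivilege(GetCurrentProcess(), true) == ERROR_SUCCESS);`. The same enable-then-disable sequence is repeated in the -66, -75 and -82 hunks of this file and in the AttachDebugger hunk at -223; one disable after the CreateProcessW/DebugActiveProcess branches would replace the four copies. Passing `false` for bInheritHandles to CreateProcessW does not stop the child from inheriting the enabled privilege, since the primary token is derived from the parent's regardless, which is presumably why the DebugLoop hunk disables it again in the child — a short comment saying so next to the enable would spare the next reader that reasoning.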
@@ -66,6 +72,11 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC } else { + if(engineEnableDebugPrivilege) + { + EngineSetDebugPrivilege(GetCurrentProcess(), false); + DebugRemoveDebugPrivilege = false; + } RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION); return(0); } @@ -75,6 +86,8 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine); if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) { + if(engineEnableDebugPrivilege) + EngineSetDebugPrivilege(GetCurrentProcess(), false); DebugAttachedToProcess = false; DebugAttachedProcessCallBack = NULL; std::vector().swap(BreakPointBuffer); @@ -82,6 +95,11 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC } else { + if(engineEnableDebugPrivilege) + { + EngineSetDebugPrivilege(GetCurrentProcess(), false); + DebugRemoveDebugPrivilege = false; + } RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION); return(0); } @@ -191,11 +209,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese DebugModuleEntryPointCallBack = EntryCallBack; return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder)); } - else - { - return(NULL); - } - return(NULL); + return 0; } __declspec(dllexport) bool TITCALL StopDebug() 
@@ -207,15 +221,11 @@ __declspec(dllexport) bool TITCALL StopDebug() Sleep(10); //allow thread switching return true; } - else - { - return false; - } + return false; } __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack) { - typedef void(WINAPI *fDebugSetProcessKillOnExit)(bool KillExitingDebugee); fDebugSetProcessKillOnExit myDebugSetProcessKillOnExit; LPVOID funcDebugSetProcessKillOnExit = NULL; @@ -223,8 +233,15 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL) { std::vector().swap(BreakPointBuffer); + if(engineEnableDebugPrivilege) + { + EngineSetDebugPrivilege(GetCurrentProcess(), true); + DebugRemoveDebugPrivilege = true; + } if(DebugActiveProcess(ProcessId)) { + if(engineEnableDebugPrivilege) + EngineSetDebugPrivilege(GetCurrentProcess(), false); if(KillOnExit) { funcDebugSetProcessKillOnExit = GetProcAddress(GetModuleHandleA("kernel32.dll"), "DebugSetProcessKillOnExit"); @@ -246,10 +263,6 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx return true; } } - else - { - return false; - } return false; } diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp index f657408..7f7ee30 100644 --- a/TitanEngine/TitanEngine.Dumper.cpp +++ b/TitanEngine/TitanEngine.Dumper.cpp @@ -274,7 +274,7 @@ __declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageB HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint); 
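Review bot: In the AttachDebugger hunk `DebugRemoveDebugPrivilege = true;` makes DebugLoop disable SeDebugPrivilege in a process the debugger did not create: DebugActiveProcess delivers a CREATE_PROCESS_DEBUG_EVENT for the existing process too, and its token was never derived from the debugger's, so whatever privilege state it legitimately had is silently altered. Only the InitDebugW path spawns a child that inherits the enabled privilege, so this hunk should drop `DebugRemoveDebugPrivilege = true;`, or DebugLoop should act only when `DebugAttachedToProcess` is false (assuming AttachDebugger sets it, which happens outside the hunk). The rest of AttachDebugger continues outside the hunk.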
@@ -364,7 +364,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryS HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName); @@ -466,7 +466,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDu HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly); @@ -537,7 +537,7 @@ __declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleB HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) //If the function fails, the return value is NULL. To get extended error information, call GetLastError. { ReturnValue = DumpModuleW(hProcess, ModuleBase, szDumpFileName); diff --git a/TitanEngine/TitanEngine.Engine.cpp b/TitanEngine/TitanEngine.Engine.cpp index e07ff33..3c5cb14 100644 --- a/TitanEngine/TitanEngine.Engine.cpp +++ b/TitanEngine/TitanEngine.Engine.cpp @@ -38,6 +38,10 @@ __declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool Vari { engineExecutePluginCallBack = VariableSet; } + else if(VariableId == UE_ENGINE_SET_DEBUG_PRIVILEGE) + { + engineEnableDebugPrivilege = VariableSet; + } } __declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles) 
diff --git a/TitanEngine/TitanEngine.Handler.cpp b/TitanEngine/TitanEngine.Handler.cpp index 3fe5c8a..d9fb27f 100644 --- a/TitanEngine/TitanEngine.Handler.cpp +++ b/TitanEngine/TitanEngine.Handler.cpp @@ -1,7 +1,7 @@ #include "stdafx.h" #include "definitions.h" #include "Global.Handle.h" - +#include "Global.Engine.h" bool NtQuerySysHandleInfo(DynBuf& buf) { @@ -334,7 +334,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO { EngineCloseHandle(hProcess); } - hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); + hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); LastProcessId = HandleInfo->ProcessId; } if(hProcess != NULL) @@ -441,7 +441,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr { EngineCloseHandle(hProcess); } - hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); + hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); LastProcessId = HandleInfo->ProcessId; } if(hProcess != NULL) @@ -544,7 +544,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN { EngineCloseHandle(hProcess); } - hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); + hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); LastProcessId = HandleInfo->ProcessId; } if(hProcess != NULL) @@ -749,7 +749,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t { EngineCloseHandle(hProcess); } - hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, FALSE, HandleInfo->ProcessId); + hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, FALSE, HandleInfo->ProcessId); LastProcessId = HandleInfo->ProcessId; } if(hProcess != NULL) 
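Review bot: Each iteration of the handle-enumeration loop now calls EngineOpenProcess, which, when UE_ENGINE_SET_DEBUG_PRIVILEGE is on, performs two full token adjustments (OpenProcessToken/LookupPrivilegeValue/AdjustTokenPrivileges to enable, then again to disable) around every OpenProcess. Over the system-wide handle table that is thousands of round-trips, and on systems auditing token-right changes each adjustment may be logged separately. Enabling once before the loop and disabling once after it, via EngineSetDebugPrivilege directly, keeps the behaviour with one adjustment per call; the same applies to the -441, -544 and -749 hunks here and to GetActiveProcessIdW and EnumProcessesWithLibrary in TitanEngine.Process.cpp. The loop bodies and the `EngineCloseHandle` cleanup begin outside each hunk.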
diff --git a/TitanEngine/TitanEngine.Importer.cpp b/TitanEngine/TitanEngine.Importer.cpp index 0539202..639795b 100644 --- a/TitanEngine/TitanEngine.Importer.cpp +++ b/TitanEngine/TitanEngine.Importer.cpp @@ -555,7 +555,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON { if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName)) { - HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); DumpProcessW(hProcess, (LPVOID)ImageBase, szTempName, NULL); ImporterAutoSearchIATW(ProcessId, szTempName, SearchStart, pIATStart, pIATSize); @@ -609,7 +609,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_ //do we need to dump first? if(DumpRunningProcess) { - HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress)) { diff --git a/TitanEngine/TitanEngine.Process.cpp b/TitanEngine/TitanEngine.Process.cpp index 78a9ee6..89b8427 100644 --- a/TitanEngine/TitanEngine.Process.cpp +++ b/TitanEngine/TitanEngine.Process.cpp @@ -36,7 +36,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName) { if(bProcessId[i] != NULL) { - hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, false, bProcessId[i]); + hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION, false, bProcessId[i]); if(hProcess != NULL) { if(GetProcessImageFileNameW(hProcess, szProcessPath, _countof(szProcessPath)) > NULL) 
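Review bot: Both hunks in this file pass `hProcess` straight into DumpProcessW without checking for the NULL that EngineOpenProcess returns on failure (it forwards OpenProcess's last error for exactly that purpose), whereas the TitanEngine.Dumper.cpp callers guard with `if(hProcess)`; add `if(hProcess == NULL) return;` after the call in ImporterAutoSearchIATEx and the equivalent failure value in ImporterAutoFixIATExW. Whether the handle is closed after DumpProcessW is not visible inside either hunk, so check that as well. Both function bodies start and end outside the hunks.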
@@ -96,7 +96,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, { if(bProcessId[i] != NULL) { - hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]); + hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]); if(hProcess != NULL) { RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules)); diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h index 4456e9d..e8f9a1f 100644 --- a/TitanEngine/stdafx.h +++ b/TitanEngine/stdafx.h @@ -362,6 +362,7 @@ typedef struct HOOK_ENTRY #define UE_ENGINE_CALL_PLUGIN_CALLBACK 6 #define UE_ENGINE_RESET_CUSTOM_HANDLER 7 #define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8 +#define UE_ENGINE_SET_DEBUG_PRIVILEGE 9 #define UE_OPTION_REMOVEALL 1 #define UE_OPTION_DISABLEALL 2